Configure Admin API access claims in Smart API Manager - Intergraph Smart 3D Web API - Update 2 - Installation & Upgrade - Hexagon

To configure access claims in Smart API Manager, you use the Smart API Manager web application to authorize Smart Clients, add groups, add supported claim types, and add claims to groups.

For more help with the Smart API Manager application, see the Intergraph Smart API Manager help.

Open the Intergraph Smart API Manager web application

1. Navigate to the Intergraph Smart API Manager Dashboard Manager website.

2. Sign in using an administrator account.

Authorize the Smart Client

1. On the left panel, click Smart Clients .

2. Add a new Smart Client entry for each client that accesses the API.

3. Make a note of the Client ID and secret because you need them later when fetching a token.

Add groups

1. On the left panel, click Groups .

2. Click the group in the grid to see its details.

3. Create and name the group.

4. Define the external identities and users that are part of the group.

Get the resource identifier for the Smart API

1. On the left panel, click Smart APIs .

2. Click the Smart API in the grid to see its details.

3. Select the entry that was created when you configured the Admin Web Server in the configuration tool. This entry has:

   • A product value of S3D

   • A URL that matches the website you chose in the Configuration Utility's Admin Web Server page, in the Site Information section

4. Make a note of the resource identifier for the API. You will need this in the future to fetch a token.

Add supported claim types

The Configuration Utility automatically adds supported claim types for an API to Smart API Manager. Here, you can check that they were added correctly.

1. On the left panel, click Smart APIs .

2. Click the Smart API in the grid to see its details.

3. In the Supported Claim Types area, verify that the SiteCreatorAccess claim type appears and has the following values. If not, correct it.

   Value	Setting
   Name	SiteCreatorAccess
   User Name	Site creator access
   Type	Enum
   Values	Grant
   Required	Unchecked
   Unique	Checked

4. Verify that the SiteReadAccess claim type appears and has the following values. If not, correct it.

   Value	Setting
   Name	SiteReadAccess
   User Name	Read access to site
   Type	String
   Values	leave blank
   Required	Unchecked
   Unique	Unchecked

5. Verify that the SiteWriteAccess access claim type appears and has the following values. If not, correct it.

   Value	Setting
   Name	SiteWriteAccess
   User Name	Writer access to site
   Type	String
   Values	leave blank
   Required	Unchecked
   Unique	Unchecked

Add claims to a group

1. On the left panel, click Smart APIs .

2. Click the Smart API in the grid to see its details.

3. In the Authorized Groups section, click Add Group.

4. Add the necessary claims for each plant in the Smart 3D site:

   Claim	Required For
   SiteCreatorAccess	Configurations where the user is expected to perform the CreateSite, RestoreSite, or EnableSite actions.
   SiteReadAccess	Each SiteAlias on the site that the user will have read access to. The user has read access to all entities and can perform a GET operation.
   SiteWriteAccess	Each SiteAlias on the site that the user will have write access to. The user can perform PATCH, PUT, POST, and DELETE operations, and all actions except those that only the SiteCreatorAccess claim allows users to do.

   Make sure to:

   • Prefix the site name to the plant name using the syntax SiteName:PlantName.

     To give access to multiple plants, use an asterisk ( * ) as a wildcard. For example, to give access to all plants give a plant name of *.

   • Repeat these steps for any existing groups that access one or more plants in the Smart 3D Site.

What's next?

You're done with Smart API Manager, and ready to move on to enabling HSTS.